DKIM - DomainKeys Identified Mail
DKIM (Domain Keys Identified Mail; RFC 8301dated January 2018) is an authentication standard that cryptographically associates a domain name with an email message. Senders insert cryptographic signatures into email messages which receivers can verify by using DNS-hosted public keys. When verification is successful, DKIM provides a reliable domain-level identifier that survive forwarding (unlike SPF).
selector._domainkey.example. net IN TXT “v=DKIM1; k=rsa; p=public key data”
Weakness - DKIM is generally more complex to set up than SPF, requiring a cryptographic signature on each message sent. DKIM will fail when content is modified in transit, like messages sent through a mailing list.